1. Field of Invention
The invention relates to secure and authenticated data communications between client computers and server computers, and more particularly relates to methods and apparatus for conducting crypto-ignition processes between two-way interactive communication devices and server computers over data networks that may be a wireless network or the Internet, wherein the two-way interactive communication devices, such as mobile devices, cellular phones, landline phones and Internet appliance controllers, generally have limited computing resources such as computing power, memory and graphical display capability.
2. Description of the Related Art
A fast-growing trend on the Internet is electronic commerce. Electronic commerce is an integrative concept designed to draw together a wide range of business support services: trading support systems for commodities, products, customized products and custom-built goods and services; ordering and logistic support systems; settlement support systems; and management information and statistical reporting systems, all via the global Internet. It is well known, however, that the Internet is a wide-open, public and international network of interconnected computers and electronic devices around the world. To transact business over the Internet, companies or individuals must have an efficient, reliable and secure manner of conducting private communications among themselves. Many efforts are in progress aimed at protecting proprietary information travelling across the Internet, mostly for computer devices in landline networks.
One of the ongoing efforts is to use cryptographic techniques to secure a private communication session between a client computer and a server computer. The cryptographic techniques provide a way to transmit information across an insecure communication channel without disclosing the contents of the information to anyone eavesdropping on the communication channel. Using an encryption process in a cryptographic technique, one party can protect the contents of the data in transit from access by an unauthorized third party while the intended party can read the data using a corresponding decryption process. Encryption is a process of transforming a set of data into some unreadable "encrypted" form. The purpose thereof is to ensure privacy by keeping the actual contents of the information hidden from unintended recipients such as eavesdroppers that might access the encrypted data. Decryption is the reverse process of the encryption. Decryption is a process of transforming encrypted data back into some intelligible form such that the actual contents can be accessed. Both encryption and decryption require the use of some secret information, usually referred to as a "key." Depending on the type of encryption mechanism used, the same key might be used for both encryption and decryption, while for other mechanisms, the keys used for encryption and decryption might be different.
Traditional cryptographic techniques are based on the sender and receiver of a message knowing and using the same key, often referred to as the secret key: the sender uses the secret key to encrypt the message, and the receiver uses the same key to decrypt the message. Thus, to keep the communication channel secure, no users other than the sender and the receiver should be allowed access to the secret key. This method is known as secret-key, symmetric or private-key cryptography. It should be noted that private-key cryptography requires a secure channel to transfer the private key between the sender and the receiver.
A relatively new concept of encryption known as public-key cryptography uses two different keys. In two-key public-key cryptography systems, each user has two keys: a public key that is published and a private key that is kept secret. To send an encrypted message to a recipient, a sender encrypts the message using the recipient's public key. The recipient then decrypts the message using his private key. Thus, secure communication can commence without having to transfer a secret key across a secure channel.
Thus, the primary advantage of public-key cryptography is that private keys never need to be transmitted or revealed to anyone. In secret-key cryptography, by contrast, the secret keys or the information used to generate them must be transmitted (either manually or through a secure communication channel). However, one known disadvantage of using public-key cryptography for encryption is the encryption speed. Specifically, there are popular private-key encryption methods that are significantly faster than any currently available public-key encryption method. Thus, encryption speed becomes a very important factor in weighing private-key cryptography against public-key cryptography when a cryptographic technique is used in a secure communication session involving a thin client device with limited computing resources. The thin client device referred to is considered to be a two-way interactive communication device such as a mobile computing device, cellular phone, landline phone or an Internet appliance controller. A thin client device is generally designed to be small in size, light in weight, low in power consumption and as economical and portable as possible. Such thin client designs often result in very limited computing resources: for example, the computing power therein is, perhaps, typically equivalent to less than one percent of what is provided in a typical desktop or portable computer, and the memory capacity thereof is generally less than 250 kilobytes. In addition, the communication between the thin client and a landline server computer is often via a wireless network that is characterized by low bandwidth and by airtime that is expensively metered. Therefore, private-key cryptography is often used in the communication session between thin clients and landline computers to accommodate the speed requirement.
The distribution of the private encryption keys between two trusted communicating devices is called the crypto-ignition process. Manual delivery of private encryption keys in a secret manner can be used as one of the crypto-ignition methods, but the cost can be considerable when there are hundreds, perhaps thousands, of thin clients in communication with one landline server computer. Further, the human errors and the trust issues associated with this approach make it infeasible to use in reality. Therefore, there is a great need for a generic crypto-ignition process that allows automatic delivery of the private keys between each of the thin clients and the landline server computer.
Although key agreement protocols may be used alone for the two communicating parties to agree on secret keys on each side, they do not provide authentication. Use of the key agreement protocols does not guarantee that the keys agreed upon have not been attacked in any manner. The lack of authentication in such schemes makes the agreed keys not strong enough to remain secure over the long term. There may be solutions that modify those schemes to put authentication in place, but these generally require some secret information to be pre-loaded into the communicating devices, hence resulting in more transactions between a thin client device and a server computer. The additional transactions may further demand a significant increase in computing power and memory in the thin devices and increase the latency of information arriving from a server computer, which is generally undesirable. Thus, there is a further need for a crypto-ignition process that can be conducted between two communicating devices using minimum computing power and memory therein.
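The point above about key agreement used alone can be shown in a short sketch, added here as an illustration and not taken from the patent. It assumes a Diffie-Hellman style agreement over a toy group, and a hypothetical 32-byte secret pre-loaded into both devices; the names `keypair`, `session_key`, `tag` and `accept` are illustrative.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far too
# small for real use; deployed systems use standardized large groups or curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a symmetric key from the agreed shared value."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(preloaded_secret, pub):
    """Authenticate a public value with the secret pre-loaded into both devices."""
    return hmac.new(preloaded_secret, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def accept(preloaded_secret, pub, received_tag):
    """Receiver-side check: reject a public value whose tag does not verify."""
    return hmac.compare_digest(tag(preloaded_secret, pub), received_tag)

def demo():
    preloaded = secrets.token_bytes(32)   # constructed; provisioned out of band
    c_priv, c_pub = keypair()             # thin client
    s_priv, s_pub = keypair()             # server
    # Honest exchange: both sides derive the same key.
    same_key = session_key(c_priv, s_pub) == session_key(s_priv, c_pub)
    # The server's value is replaced in transit by a party without the secret.
    _, other_pub = keypair()
    # Unauthenticated agreement: the client still derives a key and sees no
    # error, but it is not the key the server holds.
    unauth_differs = session_key(c_priv, other_pub) != session_key(s_priv, c_pub)
    # Authenticated agreement: the server's tag does not verify for the
    # replaced value, so the client rejects it.
    detected = not accept(preloaded, other_pub, tag(preloaded, s_pub))
    honest_ok = accept(preloaded, s_pub, tag(preloaded, s_pub))
    return same_key, unauth_differs, detected, honest_ok
```

The tag here covers only the sender's public value; a deployed protocol would also bind both parties' values and fresh nonces so that an old exchange cannot be replayed.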